An increasing number of computers are connected to computer networks (e.g., the Internet). Networked computers provide the significant benefit of accessing and sharing data over those networks. However, networked computers are also vulnerable to attacks, unwanted intrusions, and unauthorized access.
Certain existing network security systems have been developed to protect computers from attacks, unwanted intrusions, unauthorized access, and other malicious activities. Such network security systems typically include a firewall to prevent unauthorized access to the network or its computers. Exemplary network security systems also include intrusion detection systems (IDS) and intrusion prevention systems (IPS) that typically contain a library of malware fingerprints (e.g., fingerprints of malware payloads and other unauthorized activities). By using the malware fingerprints, the IDS or the IPS can detect attempts to access computer systems without authorization. When a connection is attempted to a network port, the IDS or IPS examines the low-level IP data packets and compares them to its library of fingerprints for a match. When a match is identified, the IDS or IPS provides notification of the match and/or prevents further access. Therefore, the malware fingerprints play a critical role in network security.
A critical threat to computer networks is the so-called zero-day attack that exploits security vulnerabilities previously unknown to software developers or system operators. Because the security vulnerabilities are unknown to the software developers or system operators, often the fingerprints of such zero-day attacks are unavailable for comparison. Until the fingerprints are identified, attacks exploiting the same security vulnerabilities continue without detection by the network security systems. However, identifying the fingerprints of malicious activities in the middle of numerous other non-malicious processes is not a trivial task.
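The fingerprint comparison described in the two preceding paragraphs, and the gap that a zero-day attack leaves in it, are illustrated by the following added example. It is not part of the original text and does not describe any particular product; the fingerprint library, the packets and the `ZDAY-PLACEHOLDER-BYTES` marker are all constructed for the illustration. The matcher inspects each packet's payload against the library, logs matches in IDS mode or drops matching packets in IPS mode, and shows that a payload with no library entry passes through until a fingerprint for it is added.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """A simplified IP packet: addresses, destination port and application payload."""
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Fingerprint:
    """A library entry: a byte pattern that must appear in the payload, optionally
    restricted to one destination port (None means any port)."""
    name: str
    pattern: bytes
    dport: Optional[int] = None


# Constructed fingerprint library (hypothetical entries, not real signatures).
FINGERPRINTS: List[Fingerprint] = [
    Fingerprint("EXAMPLE-SHELL-MARKER", b"/bin/sh -c", None),
    Fingerprint("EXAMPLE-HTTP-TRAVERSAL", b"../../", 80),
]


def match_packet(packet: Packet, fingerprints: List[Fingerprint] = FINGERPRINTS) -> List[str]:
    """Return the names of all fingerprints whose pattern occurs in the packet
    payload, honouring each fingerprint's port restriction."""
    hits = []
    for fp in fingerprints:
        if fp.dport is not None and fp.dport != packet.dport:
            continue
        if fp.pattern in packet.payload:
            hits.append(fp.name)
    return hits


def inspect_stream(packets: List[Packet],
                   fingerprints: List[Fingerprint] = FINGERPRINTS,
                   mode: str = "ids") -> Tuple[list, List[Packet]]:
    """Run the library over a packet stream.

    In "ids" mode every packet is forwarded and matches are only reported;
    in "ips" mode a matching packet is reported and dropped.
    Returns (alerts, forwarded_packets)."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts = []
    forwarded = []
    for index, pkt in enumerate(packets):
        hits = match_packet(pkt, fingerprints)
        if hits:
            alerts.append((index, pkt.src, pkt.dst, pkt.dport, hits))
            if mode == "ips":
                continue  # prevent further access: do not forward
        forwarded.append(pkt)
    return alerts, forwarded


# Constructed sample traffic. The last packet stands for an exploit whose
# fingerprint has not yet been identified; its payload is a placeholder marker.
SAMPLE_PACKETS: List[Packet] = [
    Packet("10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.9", "10.0.0.80", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.9", "10.0.0.22", 4444, b"cmd=/bin/sh -c id\n"),
    Packet("10.0.0.9", "10.0.0.80", 80, b"POST /api HTTP/1.1\r\n\r\nZDAY-PLACEHOLDER-BYTES"),
]


def library_with_new_fingerprint(name: str, pattern: bytes,
                                 base: List[Fingerprint] = FINGERPRINTS) -> List[Fingerprint]:
    """Return a new library that also covers a freshly identified payload.
    Only after this update does the matcher flag the formerly unknown packet."""
    return base + [Fingerprint(name, pattern, None)]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, forwarded = inspect_stream(SAMPLE_PACKETS, mode=mode)
        print(mode, "alerts:", alerts, "forwarded:", len(forwarded))
    updated = library_with_new_fingerprint("EXAMPLE-NEW", b"ZDAY-PLACEHOLDER-BYTES")
    print("after update:", match_packet(SAMPLE_PACKETS[3], updated))
```

Running the block shows two alerts in either mode (packets 1 and 2), four packets forwarded in IDS mode and two in IPS mode, while packet 3 produces no alert until the library is updated. The example deliberately uses plain substring matching; production IDS/IPS engines add protocol decoding, stream reassembly and normalisation so that the same library entry matches encoded or fragmented variants, but the dependence on a known fingerprint remains.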
In addition, malicious processes can be better detected at a low level in a computer system (e.g., within an operating system of the computer system). However, distributing detection tools that operate at a low level in computer systems is challenging, because any error in the operation of the detection tool at the low level of the computer system may cause a system failure or crash. In addition, distribution of a detection tool that operates at a low level often requires rebooting the computer system, which is not suitable for computer systems that require continuous and uninterrupted operation.
Thus, there is a great need for improved methods of distributing detection tools for detecting malicious activities on computer systems. In addition, there is a great need for improved methods for monitoring computer systems for other purposes, such as monitoring the performance of computer systems, monitoring the performance of particular software applications on computer systems, and debugging software applications.